aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java244
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java378
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java168
3 files changed, 1 insertions, 789 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
index 66f91266f..68d5ae299 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
@@ -1,29 +1,17 @@
package at.gv.egovernment.moa.id.auth.modules;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_CACHE_CONTROL;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_EXPIRES;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_PRAGMA;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_EXPIRES;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_PRAGMA;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileItemFactory;
@@ -36,24 +24,16 @@ import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.IRequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
-import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -63,8 +43,6 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
public abstract class AbstractAuthServletTask extends MoaIdTask {
- @Autowired private StatisticLogger statisticLogger;
- @Autowired private ITransactionStorage transactionStorage;
@Autowired protected IRequestStorage requestStoreage;
@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
@Autowired protected MOAReversionLogger revisionsLogger;
@@ -116,165 +94,6 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
}
}
-
- protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
- HttpServletRequest req, HttpServletResponse resp) {
-
- if (null != errorMessage) {
- Logger.error(errorMessage);
- req.setAttribute("ErrorMessage", errorMessage);
- }
-
- if (null != exceptionThrown) {
- if (null == errorMessage)
- errorMessage = exceptionThrown.getMessage();
- Logger.error(errorMessage, exceptionThrown);
- req.setAttribute("ExceptionThrown", exceptionThrown);
- }
-
- if (Logger.isDebugEnabled()) {
- req.setAttribute("LogLevel", "debug");
- }
-
- statisticLogger.logErrorOperation(exceptionThrown);
-
- // forward this to errorpage-auth.jsp where the HTML error page is
- // generated
- ServletContext context = req.getServletContext();
- RequestDispatcher dispatcher = context
- .getRequestDispatcher("/errorpage-auth.jsp");
- try {
-
- resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
- resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
- resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
-
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
- Logger.error(e);
- }
- }
-
- /**
- * Handles an error. <br>>
- * <ul>
- * <li>Logs the error</li>
- * <li>Places error message and exception thrown into the request as request
- * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
- * <li>Sets HTTP status 500 (internal server error)</li>
- * </ul>
- *
- * @param errorMessage
- * error message
- * @param exceptionThrown
- * exception thrown
- * @param req
- * servlet request
- * @param resp
- * servlet response
- */
- protected void handleError(String errorMessage, Throwable exceptionThrown,
- HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
-
- if (null != errorMessage) {
- Logger.error(errorMessage);
- req.setAttribute("ErrorMessage", errorMessage);
- }
-
- if (null != exceptionThrown) {
- if (null == errorMessage)
- errorMessage = exceptionThrown.getMessage();
- Logger.error(errorMessage, exceptionThrown);
- req.setAttribute("ExceptionThrown", exceptionThrown);
- }
-
- if (Logger.isDebugEnabled()) {
- req.setAttribute("LogLevel", "debug");
- }
-
- if (!(exceptionThrown instanceof MOAIDException)) {
- Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);
-
- }
-
-
- try {
- String key = Random.nextRandom();
- transactionStorage.put(key, exceptionThrown);
-
- if (key != null && MiscUtil.isNotEmpty(pendingRequestID)) {
- String redirectURL = null;
-
- redirectURL = ServletUtils.getBaseUrl(req) + "/";
- redirectURL += AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT
- + "?" + ERROR_CODE_PARAM + "=" + key
- + "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
-
- resp.setContentType("text/html");
- resp.setStatus(302);
-
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
- return;
-
- } else {
- //Exception can not be stored in database
- handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
- }
-
- } catch (MOADatabaseException e) {
- Logger.warn("Exception can not be stored to Database.", e);
- handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
-
- }
-
-
-
-
- }
-
- /**
- * Handles a <code>WrongParametersException</code>.
- *
- * @param req
- * servlet request
- * @param resp
- * servlet response
- */
- protected void handleWrongParameters(WrongParametersException ex,
- HttpServletRequest req, HttpServletResponse resp) {
- Logger.error(ex.toString());
- req.setAttribute("WrongParameters", ex.getMessage());
-
- // forward this to errorpage-auth.jsp where the HTML error page is
- // generated
- ServletContext context = req.getServletContext();
- RequestDispatcher dispatcher = context
- .getRequestDispatcher("/errorpage-auth.jsp");
- try {
- setNoCachingHeaders(resp);
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
- Logger.error(e);
- }
- }
-
- /**
- * Logs all servlet parameters for debugging purposes.
- */
- protected void logParameters(HttpServletRequest req) {
- for (Enumeration params = req.getParameterNames(); params
- .hasMoreElements();) {
- String parname = (String) params.nextElement();
- Logger.debug("Parameter " + parname + req.getParameter(parname));
- }
- }
/**
* Parses the request input stream for parameters, assuming parameters are
@@ -334,27 +153,7 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
}
}
- else {
- // request is encoded as application/x-www-urlencoded
- // [tknall]: we must not consume request body input stream once servlet-api request parameters have been accessed
-
- /*
- InputStream in = req.getInputStream();
-
- String paramName;
- String paramValueURLEncoded;
- do {
- paramName = new String(readBytesUpTo(in, '='));
- if (paramName.length() > 0) {
- paramValueURLEncoded = readBytesUpTo(in, '&');
- String paramValue = URLDecoder.decode(paramValueURLEncoded,
- "UTF-8");
- parameters.put(paramName, paramValue);
- }
- } while (paramName.length() > 0);
- in.close();
- */
-
+ else {
Iterator<Entry<String, String[]>> requestParamIt = req.getParameterMap().entrySet().iterator();
while (requestParamIt.hasNext()) {
Entry<String, String[]> entry = requestParamIt.next();
@@ -394,19 +193,6 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
}
/**
- * Sets response headers that prevent caching (code taken from {@link AuthServlet}).
- *
- * @param resp
- * The HttpServletResponse.
- */
- public void setNoCachingHeaders(HttpServletResponse resp) {
- resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
- resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
- resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
- }
-
- /**
* Adds a parameter to a URL.
*
* @param url
@@ -425,32 +211,4 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
else
return url + "&" + param;
}
-
- /**
- * Checks if HTTP requests are allowed
- *
- * @param authURL
- * requestURL
- * @throws AuthenticationException
- * if HTTP requests are not allowed
- * @throws ConfigurationException
- */
- protected void checkIfHTTPisAllowed(String authURL)
- throws AuthenticationException, ConfigurationException {
- // check if HTTP Connection may be allowed (through
- // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
-
- //Removed from MOA-ID 2.0 config
-// String boolStr = AuthConfigurationProvider
-// .getInstance()
-// .getGenericConfigurationParameter(
-// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:"))
- //&& (false == BoolUtils.valueOf(boolStr))
- )
- throw new AuthenticationException("auth.07", new Object[] { authURL
- + "*" });
-
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
deleted file mode 100644
index fb6c71846..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ /dev/null
@@ -1,378 +0,0 @@
-///*******************************************************************************
-// * Copyright 2014 Federal Chancellery Austria
-// * MOA-ID has been developed in a cooperation between BRZ, the Federal
-// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
-// *
-// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
-// * the European Commission - subsequent versions of the EUPL (the "Licence");
-// * You may not use this work except in compliance with the Licence.
-// * You may obtain a copy of the Licence at:
-// * http://www.osor.eu/eupl/
-// *
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the Licence is distributed on an "AS IS" basis,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the Licence for the specific language governing permissions and
-// * limitations under the Licence.
-// *
-// * This product combines work with different licenses. See the "NOTICE" text
-// * file for details on the various modules and licenses.
-// * The "NOTICE" text file is part of the distribution. Any derivative works
-// * that you distribute must include a readable copy of the "NOTICE" text file.
-// ******************************************************************************/
-///*
-// * Copyright 2003 Federal Chancellery Austria
-// * MOA-ID has been developed in a cooperation between BRZ, the Federal
-// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
-// *
-// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
-// * the European Commission - subsequent versions of the EUPL (the "Licence");
-// * You may not use this work except in compliance with the Licence.
-// * You may obtain a copy of the Licence at:
-// * http://www.osor.eu/eupl/
-// *
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the Licence is distributed on an "AS IS" basis,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the Licence for the specific language governing permissions and
-// * limitations under the Licence.
-// *
-// * This product combines work with different licenses. See the "NOTICE" text
-// * file for details on the various modules and licenses.
-// * The "NOTICE" text file is part of the distribution. Any derivative works
-// * that you distribute must include a readable copy of the "NOTICE" text file.
-// */
-//
-//package at.gv.egovernment.moa.id.auth.servlet;
-//
-//import java.io.IOException;
-//
-//import javax.servlet.RequestDispatcher;
-//import javax.servlet.ServletConfig;
-//import javax.servlet.ServletContext;
-//import javax.servlet.ServletException;
-//import javax.servlet.http.HttpServlet;
-//import javax.servlet.http.HttpServletRequest;
-//import javax.servlet.http.HttpServletResponse;
-//
-//import org.springframework.beans.BeansException;
-//import org.springframework.beans.factory.NoSuchBeanDefinitionException;
-//import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
-//import org.springframework.web.context.WebApplicationContext;
-//import org.springframework.web.context.support.WebApplicationContextUtils;
-//
-//import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
-//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-//import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-//import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-//import at.gv.egovernment.moa.id.config.ConfigurationException;
-//import at.gv.egovernment.moa.id.process.ProcessEngine;
-//import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-//import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
-//import at.gv.egovernment.moa.id.storage.IExceptionStore;
-//import at.gv.egovernment.moa.id.util.ServletUtils;
-//import at.gv.egovernment.moa.logging.Logger;
-//import at.gv.egovernment.moa.util.MiscUtil;
-//
-///**
-// * Base class for MOA-ID Auth Servlets, providing standard error handling and
-// * constant names.
-// *
-// * @author Paul Ivancsics
-// * @version $Id$
-// */
-//public class AuthServlet extends HttpServlet {
-//
-// /**
-// *
-// */
-// private static final long serialVersionUID = -6929905344382283738L;
-//
-// protected static final String ERROR_CODE_PARAM = "errorid";
-//
-// /**
-// * The process engine.
-// */
-// private ProcessEngine processEngine;
-//
-// @Override
-// protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-// throws ServletException, IOException {
-// Logger.debug("GET " + this.getServletName());
-//
-// this.setNoCachingHeadersInHttpRespone(req, resp);
-// }
-//
-// protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
-// HttpServletRequest req, HttpServletResponse resp) {
-//
-// if (null != errorMessage) {
-// Logger.error(errorMessage);
-// req.setAttribute("ErrorMessage", errorMessage);
-// }
-//
-// if (null != exceptionThrown) {
-// if (null == errorMessage)
-// errorMessage = exceptionThrown.getMessage();
-// Logger.error(errorMessage, exceptionThrown);
-// req.setAttribute("ExceptionThrown", exceptionThrown);
-// }
-//
-// if (Logger.isDebugEnabled()) {
-// req.setAttribute("LogLevel", "debug");
-// }
-//
-//
-// StatisticLogger logger = StatisticLogger.getInstance();
-// logger.logErrorOperation(exceptionThrown);
-//
-//
-// // forward this to errorpage-auth.jsp where the HTML error page is
-// // generated
-// ServletContext context = getServletContext();
-// RequestDispatcher dispatcher = context
-// .getRequestDispatcher("/errorpage-auth.jsp");
-// try {
-//
-// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-// MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-// MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-//
-// dispatcher.forward(req, resp);
-// } catch (ServletException e) {
-// Logger.error(e);
-// } catch (IOException e) {
-// Logger.error(e);
-// }
-// }
-//
-// /**
-// * Handles an error. <br>>
-// * <ul>
-// * <li>Logs the error</li>
-// * <li>Places error message and exception thrown into the request as request
-// * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
-// * <li>Sets HTTP status 500 (internal server error)</li>
-// * </ul>
-// *
-// * @param errorMessage
-// * error message
-// * @param exceptionThrown
-// * exception thrown
-// * @param req
-// * servlet request
-// * @param resp
-// * servlet response
-// */
-// protected void handleError(String errorMessage, Throwable exceptionThrown,
-// HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
-//
-// Throwable loggedException = null;
-//
-// if (exceptionThrown != null
-// && exceptionThrown instanceof ProcessExecutionException) {
-// ProcessExecutionException procExc =
-// (ProcessExecutionException) exceptionThrown;
-// if (procExc.getCause() != null &&
-// procExc.getCause() instanceof TaskExecutionException) {
-// TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause();
-// loggedException = taskExc.getOriginalException();
-//
-// }
-// }
-//
-// if (loggedException == null)
-// loggedException = exceptionThrown;
-//
-//
-// if (!(loggedException instanceof MOAIDException)) {
-// Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
-//
-// } else {
-// if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
-// Logger.error(loggedException.getMessage(), loggedException);
-//
-// } else {
-// Logger.error(loggedException.getMessage());
-//
-// }
-// }
-//
-// IExceptionStore store = DBExceptionStoreImpl.getStore();
-// String id = store.storeException(loggedException);
-//
-// if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
-//
-// String redirectURL = null;
-//
-// redirectURL = ServletUtils.getBaseUrl(req);
-//
-// //TODO: DEVELOPMENT
-//// redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id
-//// + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
-//
-// resp.setContentType("text/html");
-// resp.setStatus(302);
-//
-// resp.addHeader("Location", redirectURL);
-// Logger.debug("REDIRECT TO: " + redirectURL);
-//
-// return;
-//
-// } else {
-//
-// //Exception can not be stored in database
-// handleErrorNoRedirect(errorMessage, loggedException, req, resp);
-// }
-// }
-//
-// /**
-// * Handles a <code>WrongParametersException</code>.
-// *
-// * @param req
-// * servlet request
-// * @param resp
-// * servlet response
-// */
-// protected void handleWrongParameters(WrongParametersException ex,
-// HttpServletRequest req, HttpServletResponse resp) {
-// Logger.error(ex.toString());
-// req.setAttribute("WrongParameters", ex.getMessage());
-//
-// // forward this to errorpage-auth.jsp where the HTML error page is
-// // generated
-// ServletContext context = getServletContext();
-// RequestDispatcher dispatcher = context
-// .getRequestDispatcher("/errorpage-auth.jsp");
-// try {
-// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-// MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-// MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-//
-// dispatcher.forward(req, resp);
-// } catch (ServletException e) {
-// Logger.error(e);
-// } catch (IOException e) {
-// Logger.error(e);
-// }
-// }
-//
-//
-// /**
-// * Calls the web application initializer.
-// *
-// * @see javax.servlet.Servlet#init(ServletConfig)
-// */
-// public void init(ServletConfig servletConfig) throws ServletException {
-// super.init(servletConfig);
-// }
-//
-//
-// /**
-// * Set response headers to avoid caching
-// *
-// * @param request
-// * HttpServletRequest
-// * @param response
-// * HttpServletResponse
-// */
-// protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request,
-// HttpServletResponse response) {
-// response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-// MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-// response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-// MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-// response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-// response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-//
-// }
-//
-// /**
-// * Adds a parameter to a URL.
-// *
-// * @param url
-// * the URL
-// * @param paramname
-// * parameter name
-// * @param paramvalue
-// * parameter value
-// * @return the URL with parameter added
-// */
-// protected static String addURLParameter(String url, String paramname,
-// String paramvalue) {
-// String param = paramname + "=" + paramvalue;
-// if (url.indexOf("?") < 0)
-// return url + "?" + param;
-// else
-// return url + "&" + param;
-// }
-//
-// /**
-// * Checks if HTTP requests are allowed
-// *
-// * @param authURL
-// * requestURL
-// * @throws AuthenticationException
-// * if HTTP requests are not allowed
-// * @throws ConfigurationException
-// */
-// protected void checkIfHTTPisAllowed(String authURL)
-// throws AuthenticationException, ConfigurationException {
-// // check if HTTP Connection may be allowed (through
-// // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
-//
-// //Removed from MOA-ID 2.0 config
-//// String boolStr = AuthConfigurationProvider
-//// .getInstance()
-//// .getGenericConfigurationParameter(
-//// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
-// if ((!authURL.startsWith("https:"))
-// //&& (false == BoolUtils.valueOf(boolStr))
-// )
-// throw new AuthenticationException("auth.07", new Object[] { authURL
-// + "*" });
-//
-// }
-//
-//
-// /**
-// * Returns the underlying process engine instance.
-// *
-// * @return The process engine (never {@code null}).
-// * @throws NoSuchBeanDefinitionException
-// * if no {@link ProcessEngine} bean was found.
-// * @throws NoUniqueBeanDefinitionException
-// * if more than one {@link ProcessEngine} bean was found.
-// * @throws BeansException
-// * if a problem getting the {@link ProcessEngine} bean occurred.
-// * @throws IllegalStateException
-// * if the Spring WebApplicationContext was not found, which means that the servlet is used outside a
-// * Spring web environment.
-// */
-// public synchronized ProcessEngine getProcessEngine() {
-// if (processEngine == null) {
-// WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext());
-// if (ctx == null) {
-// throw new IllegalStateException(
-// "Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment.");
-// }
-// processEngine = ctx.getBean(ProcessEngine.class);
-// }
-// return processEngine;
-// }
-//
-//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
deleted file mode 100644
index 663a14881..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ /dev/null
@@ -1,168 +0,0 @@
-///*******************************************************************************
-// * Copyright 2014 Federal Chancellery Austria
-// * MOA-ID has been developed in a cooperation between BRZ, the Federal
-// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
-// *
-// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
-// * the European Commission - subsequent versions of the EUPL (the "Licence");
-// * You may not use this work except in compliance with the Licence.
-// * You may obtain a copy of the Licence at:
-// * http://www.osor.eu/eupl/
-// *
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the Licence is distributed on an "AS IS" basis,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the Licence for the specific language governing permissions and
-// * limitations under the Licence.
-// *
-// * This product combines work with different licenses. See the "NOTICE" text
-// * file for details on the various modules and licenses.
-// * The "NOTICE" text file is part of the distribution. Any derivative works
-// * that you distribute must include a readable copy of the "NOTICE" text file.
-// ******************************************************************************/
-//package at.gv.egovernment.moa.id.auth.servlet;
-//
-//import java.io.IOException;
-//import java.util.Enumeration;
-//
-//import javax.servlet.ServletException;
-//import javax.servlet.http.HttpServletRequest;
-//import javax.servlet.http.HttpServletResponse;
-//
-//import org.apache.commons.lang.StringEscapeUtils;
-//
-//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-//import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-//import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-//import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
-//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-//import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
-//import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-//import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-//import at.gv.egovernment.moa.logging.Logger;
-//import at.gv.egovernment.moa.util.MiscUtil;
-//
-//public class GenerateIFrameTemplateServlet extends AuthServlet {
-//
-// private static final long serialVersionUID = 1L;
-//
-// protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-// throws ServletException, IOException {
-// Logger.debug("Receive " + GenerateIFrameTemplateServlet.class + " Request");
-//
-// String pendingRequestID = null;
-//
-// try {
-// String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);
-// moasessionid = StringEscapeUtils.escapeHtml(moasessionid);
-// AuthenticationSession moasession = null;
-// try {
-// pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
-// moasession = AuthenticationSessionStoreage.getSession(moasessionid);
-//
-// } catch (MOADatabaseException e) {
-// Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
-// throw new MOAIDException("init.04", new Object[] {
-// moasessionid});
-//
-// } catch (Throwable e) {
-// Logger.info("No HTTP Session found!");
-// throw new MOAIDException("auth.18", new Object[] {});
-// }
-//
-//
-//
-// ExecutionContext ec = new ExecutionContextImpl();
-// // set execution context
-// Enumeration<String> reqParamNames = req.getParameterNames();
-// while(reqParamNames.hasMoreElements()) {
-// String paramName = reqParamNames.nextElement();
-// if (MiscUtil.isNotEmpty(paramName))
-// ec.put(paramName, req.getParameter(paramName));
-//
-// }
-//
-// ec.put("pendingRequestID", pendingRequestID);
-// ec.put(MOAIDAuthConstants.PARAM_SESSIONID, moasessionid);
-//
-//// String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU);
-//// String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE);
-//// String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC);
-//// ec.put("ccc", moasession.getCcc());
-//// ec.put("useMandate", moasession.getUseMandate());
-//// ec.put("bkuURL", moasession.getBkuURL());
-//
-// // select and create process instance
-// String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec);
-// if (processDefinitionId == null) {
-// Logger.warn("No suitable process found for SessionID " + moasession.getSessionID());
-// throw new MOAIDException("process.02", new Object[] { moasession.getSessionID() });
-// }
-//
-// String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec);
-//
-// // keep process instance id in moa session
-// moasession.setProcessInstanceId(processInstanceId);
-//
-// // make sure moa session has been persisted before running the process
-// try {
-// AuthenticationSessionStoreage.storeSession(moasession);
-// } catch (MOADatabaseException e) {
-// Logger.error("Database Error! MOASession is not stored!");
-// throw new MOAIDException("init.04", new Object[] { moasession.getSessionID() });
-// }
-//
-// Logger.info("BKU is selected -> Start BKU communication ...");
-//
-// // start process
-// getProcessEngine().start(processInstanceId);
-//
-// }
-// catch (WrongParametersException ex) {
-// handleWrongParameters(ex, req, resp);
-// }
-//
-// catch (MOAIDException ex) {
-// handleError(null, ex, req, resp, pendingRequestID);
-//
-// } catch (ProcessExecutionException e) {
-// Throwable cause = e.getCause();
-// if (cause != null && cause instanceof TaskExecutionException) {
-// Throwable taskCause = cause.getCause();
-// if (taskCause != null && taskCause instanceof WrongParametersException) {
-// WrongParametersException internalEx = (WrongParametersException) taskCause;
-// handleWrongParameters(internalEx, req, resp);
-// return;
-//
-// } else if (taskCause != null && taskCause instanceof MOAIDException) {
-// MOAIDException moaTaskCause = (MOAIDException) taskCause;
-// handleError(null, moaTaskCause, req, resp, pendingRequestID);
-// return;
-//
-// }
-// }
-//
-// Logger.error("BKUSelectionServlet has an interal Error.", e);
-//
-// } catch (Exception e) {
-// Logger.error("BKUSelectionServlet has an interal Error.", e);
-//
-// }
-//
-// finally {
-//
-// }
-// }
-//
-//
-//
-//
-//
-//
-//
-//
-//
-//}